Re: [TLS] network-based security solution use cases

2017-11-10 Thread Eric Rescorla
On Fri, Nov 10, 2017 at 11:39 AM, Nancy Cam-Winget (ncamwing) <ncamw...@cisco.com> wrote: > > Hi all, > > I think Flemming has expressed our points well. But I think we are losing > sight of the purpose of the draft: this is what industry is doing today in > response to requirements; whether imp

Re: [TLS] network-based security solution use cases

2017-11-10 Thread Nancy Cam-Winget (ncamwing)
Hi all, I think Flemming has expressed our points well. But I think we are losing sight of the purpose of the draft: this is what industry is doing today in response to requirements; whether imposed by customers or regulations. I would not expect these to explicitly state how a solution, arc

Re: [TLS] network-based security solution use cases

2017-11-08 Thread Flemming Andreasen
On 11/7/17 7:01 PM, Stephen Farrell wrote: Hiya, On 07/11/17 23:27, Flemming Andreasen wrote: Thanks for taking an initial look at the document Stephen - please see below for responses so far On 11/7/17 4:13 AM, Stephen Farrell wrote: Hiya, On 07/11/17 02:48, Flemming Andreasen wrote: We

Re: [TLS] network-based security solution use cases

2017-11-07 Thread Stephen Farrell
Hiya, On 08/11/17 00:23, Nancy Cam-Winget (ncamwing) wrote: > Hi Stephen, > Please see below: > > On 11/7/17, 4:08 PM, "Stephen Farrell" wrote: > > > Hiya, > > On 07/11/17 23:53, Nancy Cam-Winget (ncamwing) wrote: > > Hi Stephen, Adding to Flemming’s comment, finding “ex

Re: [TLS] network-based security solution use cases

2017-11-07 Thread Watson Ladd
On Tue, Nov 7, 2017 at 4:23 PM, Nancy Cam-Winget (ncamwing) wrote: > Hi Stephen, > Please see below: > > On 11/7/17, 4:08 PM, "Stephen Farrell" wrote: > > > Hiya, > > On 07/11/17 23:53, Nancy Cam-Winget (ncamwing) wrote: > > Hi Stephen, Adding to Flemming’s comment, finding “exact qu

Re: [TLS] network-based security solution use cases

2017-11-07 Thread Nancy Cam-Winget (ncamwing)
Hi Stephen, Please see below: On 11/7/17, 4:08 PM, "Stephen Farrell" wrote: Hiya, On 07/11/17 23:53, Nancy Cam-Winget (ncamwing) wrote: > Hi Stephen, Adding to Flemming’s comment, finding “exact quotes” > will be difficult I'm sorry but when making a claim th

Re: [TLS] network-based security solution use cases

2017-11-07 Thread Stephen Farrell
Hiya, On 07/11/17 23:53, Nancy Cam-Winget (ncamwing) wrote: > Hi Stephen, Adding to Flemming’s comment, finding “exact quotes” > will be difficult I'm sorry but when making a claim that such and such a regulation *requires* breaking TLS then you really do need to be that precise. > as their i

Re: [TLS] network-based security solution use cases

2017-11-07 Thread Stephen Farrell
Hiya, On 07/11/17 23:27, Flemming Andreasen wrote: > Thanks for taking an initial look at the document Stephen - please see > below for responses so far > > On 11/7/17 4:13 AM, Stephen Farrell wrote: >> Hiya, >> >> On 07/11/17 02:48, Flemming Andreasen wrote: >>> We didn't draw any particular li

Re: [TLS] network-based security solution use cases

2017-11-07 Thread Nancy Cam-Winget (ncamwing)
Hi Stephen, Adding to Flemming’s comment, finding “exact quotes” will be difficult as their intent is really not to break things but rather want to ensure that inspection and oversight is available to affect guards/protections within an (enterprise/data center) infrastructure. That said, PCI

Re: [TLS] network-based security solution use cases

2017-11-07 Thread Flemming Andreasen
Thanks for taking an initial look at the document Stephen - please see below for responses so far On 11/7/17 4:13 AM, Stephen Farrell wrote: Hiya, On 07/11/17 02:48, Flemming Andreasen wrote: We didn't draw any particular line, but the use case scenarios that we tried to highlight are those r

Re: [TLS] network-based security solution use cases

2017-11-07 Thread Flemming Andreasen
On 11/7/17 12:23 PM, Eric Rescorla wrote: On Tue, Nov 7, 2017 at 7:56 AM, Flemming Andreasen wrote: Thank you for the feedback Ekr - please see below for responses On 11/6/17 12:43 PM, Eric Rescorla wrote: I took a look at this. Without getti

Re: [TLS] network-based security solution use cases

2017-11-07 Thread Eric Rescorla
On Tue, Nov 7, 2017 at 7:56 AM, Flemming Andreasen wrote: > Thank you for the feedback Ekr - please see below for responses > > > On 11/6/17 12:43 PM, Eric Rescorla wrote: > > I took a look at this. > > Without getting into the question of whether the types of middleboxes > you describe here prov

Re: [TLS] network-based security solution use cases

2017-11-07 Thread Flemming Andreasen
Thank you for the feedback Ekr - please see below for responses On 11/6/17 12:43 PM, Eric Rescorla wrote: I took a look at this. Without getting into the question of whether the types of middleboxes you describe here provide a security benefit, there are several points in the document that are

Re: [TLS] network-based security solution use cases

2017-11-07 Thread Stephen Farrell
Hiya, On 07/11/17 02:48, Flemming Andreasen wrote: >> > We didn't draw any particular line, but the use case scenarios that we > tried to highlight are those related to overall security and regulatory > requirements (including public sector) I had a quick look at the draft (will try read properl

Re: [TLS] network-based security solution use cases

2017-11-06 Thread Flemming Andreasen
On 11/5/17 10:31 AM, Florian Weimer wrote: * Nancy Cam-Winget: @IETF99, awareness was raised to some of the security WGs (thanks Kathleen ☺) that TLS 1.3 will obscure visibility currently afforded in TLS 1.2 and asked what the implications would be for the security solutions today. https://to

Re: [TLS] network-based security solution use cases

2017-11-06 Thread Eric Rescorla
I took a look at this. Without getting into the question of whether the types of middleboxes you describe here provide a security benefit, there are several points in the document that are either wrong or at least misleading/confusing. - Key Synchronization This document notes that in TLS 1.2, it

Re: [TLS] network-based security solution use cases

2017-11-05 Thread Florian Weimer
* Nancy Cam-Winget: > @IETF99, awareness was raised to some of the security WGs (thanks > Kathleen ☺) that TLS 1.3 will obscure visibility currently afforded in > TLS 1.2 and asked what the implications would be for the security > solutions today. > https://tools.ietf.org/html/draft-camwinget-tls-

[TLS] network-based security solution use cases

2017-11-03 Thread Nancy Cam-Winget (ncamwing)
All, @IETF99, awareness was raised to some of the security WGs (thanks Kathleen ☺) that TLS 1.3 will obscure visibility currently afforded in TLS 1.2 and asked what the implications would be for the security solutions today. https://tools.ietf.org/html/draft-camwinget-tls-use-cases-00 is an in